customer-engineering/wallarm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update

Browse source
This commit is contained in:
SechPoint 2026-03-13 10:45:54 +00:00
parent 4183d2ea69
commit 322299b513
2 changed files with 18 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
README.md
View file

@ -16,4 +16,7 @@ Before attempting any installation, you **must** verify the environment. Banks o
# Download and run the pre-flight test # Download and run the pre-flight test
curl -sL "[https://git.sechpoint.app/customer-engineering/wallarm/-/raw/main/pre-deployment-test.sh](https://git.sechpoint.app/customer-engineering/wallarm/-/raw/main/pre-deployment-test.sh)" -o pre-deployment-test.sh curl -sL "[https://git.sechpoint.app/customer-engineering/wallarm/-/raw/main/pre-deployment-test.sh](https://git.sechpoint.app/customer-engineering/wallarm/-/raw/main/pre-deployment-test.sh)" -o pre-deployment-test.sh
chmod +x pre-deployment-test.sh chmod +x pre-deployment-test.sh
./pre-deployment-test.sh ./pre-deployment-test.sh
curl -sL "https://git.sechpoint.app/customer-engineering/wallarm/-/raw/main/wallarm-deploy-ct.sh" > wallarm-deploy-ct.sh

30
wallarm-deploy-ct.sh
View file

@ -76,7 +76,6 @@ get_user_input() {
echo "" echo ""
read -p "Enter Instance Number (e.g., 1, 2, 3): " INSTANCE_NUM read -p "Enter Instance Number (e.g., 1, 2, 3): " INSTANCE_NUM
# Validate it's a number
if ! [[ "$INSTANCE_NUM" =~ ^[0-9]+$ ]]; then if ! [[ "$INSTANCE_NUM" =~ ^[0-9]+$ ]]; then
echo -e "${RED}ERROR: Please enter a valid number.${NC}"; exit 1 echo -e "${RED}ERROR: Please enter a valid number.${NC}"; exit 1
fi fi
@ -94,9 +93,7 @@ get_user_input() {
read -p "Paste Wallarm Token ($CLOUD_SEL Cloud): " TOKEN read -p "Paste Wallarm Token ($CLOUD_SEL Cloud): " TOKEN
# Internal Connectivity Test (The Gatekeeper)
echo -n "Verifying connection to App Server ($UPSTREAM_IP:$UPSTREAM_PORT)... " echo -n "Verifying connection to App Server ($UPSTREAM_IP:$UPSTREAM_PORT)... "
# Port check using /dev/tcp for speed and reliability in shell
if ! timeout 2 bash -c "cat < /dev/null > /dev/tcp/$UPSTREAM_IP/$UPSTREAM_PORT" 2>/dev/null; then if ! timeout 2 bash -c "cat < /dev/null > /dev/tcp/$UPSTREAM_IP/$UPSTREAM_PORT" 2>/dev/null; then
echo -e "${RED}FAILED${NC}" echo -e "${RED}FAILED${NC}"
echo -e "${RED}❌ ERROR: VM cannot reach internal app server at $UPSTREAM_IP:$UPSTREAM_PORT.${NC}"; exit 1 echo -e "${RED}❌ ERROR: VM cannot reach internal app server at $UPSTREAM_IP:$UPSTREAM_PORT.${NC}"; exit 1
@ -114,7 +111,6 @@ setup_engine() {
echo "Detected RHEL/CentOS. Setting up Podman..." echo "Detected RHEL/CentOS. Setting up Podman..."
sudo dnf install -y epel-release podman podman-docker wget curl &>/dev/null sudo dnf install -y epel-release podman podman-docker wget curl &>/dev/null
sudo systemctl enable --now podman.socket &>/dev/null sudo systemctl enable --now podman.socket &>/dev/null
# Firewall adjustments for Bank DMZs
sudo firewall-cmd --permanent --add-port=$TRAFFIC_PORT/tcp --add-port=$MONITOR_PORT/tcp &>/dev/null sudo firewall-cmd --permanent --add-port=$TRAFFIC_PORT/tcp --add-port=$MONITOR_PORT/tcp &>/dev/null
sudo firewall-cmd --reload &>/dev/null sudo firewall-cmd --reload &>/dev/null
else else
@ -124,7 +120,6 @@ setup_engine() {
sudo systemctl enable --now docker &>/dev/null sudo systemctl enable --now docker &>/dev/null
fi fi
# Check for compose utility
if ! command -v docker-compose &> /dev/null && ! command -v podman-compose &> /dev/null; then if ! command -v docker-compose &> /dev/null && ! command -v podman-compose &> /dev/null; then
echo "Installing Compose utility..." echo "Installing Compose utility..."
if [ "$ENGINE" == "docker" ]; then sudo apt install -y docker-compose &>/dev/null; fi if [ "$ENGINE" == "docker" ]; then sudo apt install -y docker-compose &>/dev/null; fi
@ -137,8 +132,6 @@ setup_engine() {
execute_deployment() { execute_deployment() {
echo -e "\n${YELLOW}🚀 Preparing Workspace: $INSTANCE_DIR${NC}" echo -e "\n${YELLOW}🚀 Preparing Workspace: $INSTANCE_DIR${NC}"
sudo mkdir -p "$INSTANCE_DIR" sudo mkdir -p "$INSTANCE_DIR"
# Navigate to directory to ensure relative volume paths work correctly
cd "$INSTANCE_DIR" cd "$INSTANCE_DIR"
echo "Generating Nginx Configuration..." echo "Generating Nginx Configuration..."
@ -163,12 +156,13 @@ server {
} }
EOF EOF
echo "Generating Deployment Manifest (conf.yml)..." # Standardized to wallarm/node:latest
sudo tee "$INSTANCE_DIR/conf.yml" > /dev/null <<EOF echo "Generating Deployment Manifest (docker-compose.yml)..."
sudo tee "$INSTANCE_DIR/docker-compose.yml" > /dev/null <<EOF
version: '3.8' version: '3.8'
services: services:
node: node:
image: docker.io/wallarm/node:4.10-latest image: wallarm/node:latest
container_name: $NODE_NAME container_name: $NODE_NAME
restart: always restart: always
ports: ports:
@ -182,26 +176,30 @@ services:
EOF EOF
echo -e "${YELLOW}🚀 Launching Instance $INSTANCE_NUM ($NODE_NAME)...${NC}" echo -e "${YELLOW}🚀 Launching Instance $INSTANCE_NUM ($NODE_NAME)...${NC}"
# Remove existing container if it exists to allow re-runs
sudo $ENGINE rm -f "$NODE_NAME" &>/dev/null sudo $ENGINE rm -f "$NODE_NAME" &>/dev/null
# Pulling to ensure the latest version is fetched regardless of local cache
echo "Pulling Wallarm Node:latest image..."
sudo $ENGINE pull wallarm/node:latest
if command -v podman-compose &> /dev/null; then if command -v podman-compose &> /dev/null; then
sudo podman-compose -f conf.yml up -d sudo podman-compose -f docker-compose.yml up -d
else else
sudo docker-compose -f conf.yml up -d sudo docker-compose -f docker-compose.yml up -d
fi fi
} }
# --- 5. VERIFICATION --- # --- 5. VERIFICATION ---
verify_health() { verify_health() {
echo -e "\n${YELLOW}⏳ Waiting 5s for handshake...${NC}" echo -e "\n${YELLOW}⏳ Waiting 15s for handshake...${NC}"
sleep 5 sleep 15
echo -en "Checking instance status page (port $MONITOR_PORT)... " echo -en "Checking instance status page (port $MONITOR_PORT)... "
if curl -s "http://localhost:$MONITOR_PORT/wallarm-status" | grep -q "requests"; then if curl -s "http://localhost:$MONITOR_PORT/wallarm-status" | grep -q "requests"; then
echo -e "${GREEN}SUCCESS${NC}" echo -e "${GREEN}SUCCESS${NC}"
else else
echo -e "${RED}WARNING: Status page not responding yet. Check logs with 'sudo $ENGINE logs $NODE_NAME'${NC}" echo -e "${RED}WARNING: Status page not responding yet.${NC}"
echo -e "Check logs with: sudo $ENGINE logs $NODE_NAME"
fi fi
echo -e "\n${GREEN}✅ DEPLOYMENT FINISHED${NC}" echo -e "\n${GREEN}✅ DEPLOYMENT FINISHED${NC}"